CVE-2026-42776
Missing Authorization in WP Sunshine Photo Cart
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sunshine_photo_cart | sunshine_photo_cart | to 3.6.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in WP Sunshine Sunshine Photo Cart. It occurs because of incorrectly configured access control security levels, which means that the system does not properly verify whether a user has permission to perform certain actions.
How can this vulnerability impact me? :
The vulnerability can allow unauthorized users to access or manipulate data or functions within the Sunshine Photo Cart application. This can lead to limited confidentiality, integrity, and availability impacts, as indicated by the CVSS score, potentially resulting in data exposure, unauthorized changes, or disruption of service.